Information Security
ASA Research
Information Security
J. Carlton Collins
ASA Research - Atlanta, Georgia
770.734.0950
[email protected]

Information Security
Table of Contents

Chapter  Chapter Title & Page Count  Page Number
1  Locks (2 Pages)  6
2  Government Compliance (3 Pages)  8
3  Securing Hard Drives and Laptop Computers (16 Pages)  11
4  Encryption (12 Pages)  27
5  Strong Passwords (7 Pages)  39
6  Windows - Files and Folders (8 Pages)  46
7  System Restore (3 Pages)  54
8  Firewalls (7 Pages)  57
9  Wireless Security (8 Pages)  64
10  Checking the Security of your PC (4 Pages)  72
11  Online Security Tests (3 Pages)  76
12  Windows - User Accounts & Groups (6 Pages)  79
13  Windows - Screen Savers (4 Pages)  85
14  Pornography (4 Pages)  89
15  Sample Contracts (9 Pages)  93
16  Computer Bread Crumbs (6 Pages)  102
17  Computer Disposal (5 Pages)  108
18  Backup Strategy (14 Pages)  113
19  Viruses (6 Pages)  127
20  Phishing (7 Pages)  133
21  Spy Stuff (14 Pages)  140
22  Privacy Test (6 Pages)  154
23  Fake IDs (7 Pages)  160
24  National ID Cards (4 Pages)  167
25  Fake Social Security Cards (5 Pages)  171
26  Identity Theft (14 Pages)  176
27  Employee Theft (6 Pages)  190
28  Background Checks (5 Pages)  196
29  Bonding Employees (3 Pages)  201
30  Asterisk Key (2 Pages)  204
31  Encryption Analyzer & Passware (3 Pages)  206
32  Securing Desktop Computers (3 Pages)  209
33  Windows - Windows Services (6 Pages)  212
34  Risk of Fire (3 Pages)  218
35  Credit Card Fraud (11 Pages)  221
36  Counterfeit Money (9 Pages)  232
37  Cracking and Hacking Primer (15 Pages)  241
38  Pirated Software (4 Pages)  256
39  15 Top Security/Hacking Tools (4 Pages)  260
40  Safety Online (6 Pages)  264
41  Spam (11 Pages)  270
42  Security Book Reviews (3 Pages)  281
43  Fingerprint Technology (6 Pages)  284
44  Appendix A - Instructor’s Biography (1 Page)  290

Information Security for CPAs
Course Information

Learning Objectives: To make CPAs aware of the multitude of security threats and to provide solutions for minimizing and mitigating those threats.
Course Level: All levels
Pre-Requisites: None
Advanced Preparation: None
Presentation Method: Live lecture using full color projection systems and live Internet access with follow-up course materials
Recommended CPE Credit: 8 hours
Handouts: Checklists, Web Links, Manual
Instructors: J. Carlton Collins, CPA

AdvisorCPE is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue, Nashville, TN, 37219-2417. Phone: 615.880.4200.

Copyright © July 2008, AdvisorCPE and Accounting Software Advisor, LLC, 4480 Missendell Lane, Norcross, Georgia 30092, 770.734.0450. All rights reserved. No part of this publication may be reproduced or transmitted in any form without the express written consent of AdvisorCPE, a subsidiary of ASA Research. Requests may be e-mailed to [email protected]; further information can be obtained by calling 770.734.0450 or by accessing the AdvisorCPE home page at: http://www.advisorcpe.com/

All trade names and trademarks used in these materials are the property of their respective manufacturers and/or owners. The use of trade names and trademarks in these materials is not intended to convey endorsement of any other affiliations with these materials. Any abbreviations used herein are solely for the reader’s convenience and are not intended to compromise any trademarks. Some of the solutions discussed within this manual apply only to certain operating systems or certain versions of operating systems.
Some of the material herein has been consolidated and condensed based on research of numerous security books, security articles and security web sites. AdvisorCPE makes no representations or warranty with respect to the contents of these materials and disclaims any implied warranties of merchantability or fitness for any particular use. The contents of these materials are subject to change without notice.

Contact Information:
J. Carlton Collins
[email protected]
770.734.0950

WEB SITES MAINTAINED BY INSTRUCTOR:
Main Web Site - www.ASAResearch.com
Mirrored Web Site - www.AccountingSoftwareAdvisor.com
Accounting Software Advice Web Site - www.AccountingSoftwareAnswers.com
Top Accounting Software Consultants - www.AccountingSoftwareConsulting.com
Accounting Software News Web Site - www.AccountingSoftwareNews.com
Accounting Software Feature Reports - www.AccountingSoftwareReports.com
CPE Information Web Site - www.AdvisorCPE.com
Hot List - www.CarltonCollins/footer/hotlist.htm
Miscellaneous and Example Web Site - www.CarltonCollins.com
Technology Advice Web Site - www.CPAAdvisor.us
Microsoft Excel Web Site - www.ExcelAdvisor.net
QuickBooks Web Site - www.QuickbooksAdvisor.info
Microsoft Accounting Systems Web Site - www.MBSAdvisor.com
Microsoft SBA Web Site - www.SBAAdvisor.com
Microsoft Office Web Site - www.OfficeAdvisor.us

We publish all of our materials on the web as a service to the CPA community. Please feel free to learn about our other topics at these great web sites. Thank you.

Chapter 1
Locks

Virtually all computers, files, and data are protected behind locked doors, locked cabinets, or locked files – but how secure are those locks? It turns out that most locks today are not very secure at all. Not only can most locks be picked by professional locksmiths, but hundreds of YouTube clips teach novices how to pick locks as well.
As examples, consider these YouTube clips and web sites:

Open any padlock with a beer can - http://www.metacafe.com/watch/yt-1eGxRQlWTrM/open_a_master_padlock_with_a_beer_can/
Learn how locks work - http://www.metacafe.com/watch/yt-cuLC9klMsRI/the_visual_guide_to_lock_picking_part_06_of_10/
Open door locks with picking tools - http://www.metacafe.com/watch/877739/kwikset_door_lock_picked/
Make your own pick tools - http://www.metacafe.com/watch/1029493/home_made_lock_picks/
Pick a padlock with homemade pick tools - http://www.metacafe.com/watch/1015152/how_to_open_padlock_lockpicking/
Open door locks with a bump hammer - http://www.metacafe.com/watch/yt-zTfEwChCG0U/brockhage_bump_hammer_set/
Open a door lock with a pick gun - http://www.metacafe.com/watch/884219/how_to_pick_locks_with_a_lock_pick_gun_lockpicking_tutorial/
Open a car with a tennis ball - http://www.metacafe.com/watch/410981/blondie_unlocks_car/
Open car with wood wedge and pole - http://www.metacafe.com/watch/1078391/how_to_unlock_car_without_keys/
Open a tubular lock - http://www.metacafe.com/watch/1029502/lock_picking_tubular_locks/
Pick a club and pick a car ignition - http://www.metacafe.com/watch/1029496/lock_picking_club_and_car_ignition/
Pick tools described - http://www.metacafe.com/watch/1363050/lock_picking_with_all_my_sets_tools/
Order picking tools online - http://www.lockpicks.com/index.asp?PageAction=VIEWCATS&Category=204
Order a pick gun online - http://www.lockpicks.com/index.asp?PageAction=VIEWCATS&Category=215
Order a bump hammer online - http://www.lockpicks.com/index.asp?PageAction=VIEWCATS&Category=324
Order car pick tools online

Chapter 2
Government Compliance
Federally Required Security Measures

Gramm-Leach-Bliley Act
http://www.ftc.gov/os/2000/05/65fr33645.pdf
http://www.keytlaw.com/Links/glbact.htm

The Gramm-Leach-Bliley Act has been deemed to apply to CPA firms, and nearly all financial institutions.
Within this Act, the Safeguards Rule of GLB requires CPAs and financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect, clients’ nonpublic personal information. The plan went into effect as of March 2001. This plan must include:

1. Assign at least one employee to manage the safeguards.
2. Construct a thorough [risk management] on each department handling the nonpublic information.
3. Develop, monitor, and test a program to secure the information.
4. Change the safeguards as needed with the changes in how information is collected, stored, and used.

Do you have a Written Plan?

HIPAA Security Requirements

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information. The Act limits the ways that health plans, pharmacies, hospitals and other covered entities can use patients' personal medical information as follows (for more detail see http://www.castlemans.org/HIPPA/Fact%20Sheet1.htm):

1. Access to Medical Records (Patients can see their own records and correct errors)
2. Notice of Privacy Practices (Patients must be provided notice of privacy measures)
3. Limits on Use of Personal Medical Information (Only minimal information can be shared)
4. Prohibition on Marketing (Patient information cannot be used in marketing)
5. Stronger State Laws (State laws are not trumped)
6. Confidential Communications (Communications must be confidential)
7. Complaints (http://www.hhs.gov/ocr/hipaa/ or by calling (866) 627-7748)
8. Written Privacy Procedures (Now required and must be detailed)
9. Employee Training